You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ja...@apache.org on 2020/10/02 16:04:28 UTC
svn commit: r1882201 -
/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
Author: jailletc36
Date: Fri Oct 2 16:04:28 2020
New Revision: 1882201
URL: http://svn.apache.org/viewvc?rev=1882201&view=rev
Log:
Document that HTTPS and SSL_TLS_SNI environment variables are always defined, regardless of 'SSLOptions StdEnvVars' .
Fix some small style issues to improve syntax hightlight.
PR 64783.
r1882199 on trunk [skip ci]
While at it synch with trunk:
- fix two typos
- remove some trailing space
- do not use <em> tags for 'on|off' parameters
Modified:
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml?rev=1882201&r1=1882200&r2=1882201&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Fri Oct 2 16:04:28 2020
@@ -43,21 +43,23 @@ to provide the cryptography engine.</p>
<section id="envvars"><title>Environment Variables</title>
<p>This module can be configured to provide several items of SSL information
-as additional environment variables to the SSI and CGI namespace. This
+as additional environment variables to the SSI and CGI namespace. Except for
+<code>HTTPS</code> and <code>SSL_TLS_SNI</code> which are always defined, this
information is not provided by default for performance reasons. (See
-<directive>SSLOptions</directive> StdEnvVars, below.) The generated variables
+<directive module="mod_ssl">SSLOptions</directive> <code>StdEnvVars</code>, below)
+The generated variables
are listed in the table below. For backward compatibility the information can
be made available under different names, too. Look in the <a
href="../ssl/ssl_compat.html">Compatibility</a> chapter for details on the
compatibility variables.</p>
-<table border="1">
+<table border="1" style="zebra">
<columnspec><column width=".3"/><column width=".2"/><column width=".5"/>
</columnspec>
<tr>
- <th><a name="table3">Variable Name:</a></th>
- <th>Value Type:</th>
- <th>Description:</th>
+ <th><a name="table3">Variable Name</a></th>
+ <th>Value Type</th>
+ <th>Description</th>
</tr>
<tr><td><code>HTTPS</code></td> <td>flag</td> <td>HTTPS is being used.</td></tr>
<tr><td><code>SSL_PROTOCOL</code></td> <td>string</td> <td>The SSL protocol version (SSLv3, TLSv1, TLSv1.1, TLSv1.2)</td></tr>
@@ -1440,7 +1442,7 @@ utility:</p>
openssl srp -srpvfile passwd.srpv -userinfo "some info" -add username
</example>
<p> The value given with the optional <code>-userinfo</code> parameter is
-avalable in the <code>SSL_SRP_USERINFO</code> request environment variable.</p>
+available in the <code>SSL_SRP_USERINFO</code> request environment variable.</p>
</usage>
</directivesynopsis>
@@ -1480,10 +1482,10 @@ SSLSRPUnknownUserSeed "secret"
<usage>
<p>
This directive can be used to control various run-time options on a
-per-directory basis. Normally, if multiple <code>SSLOptions</code>
+per-directory basis. Normally, if multiple <directive>SSLOptions</directive>
could apply to a directory, then the most specific one is taken
completely; the options are not merged. However if <em>all</em> the
-options on the <code>SSLOptions</code> directive are preceded by a
+options on the <directive>SSLOptions</directive> directive are preceded by a
plus (<code>+</code>) or minus (<code>-</code>) symbol, the options
are merged. Any options preceded by a <code>+</code> are added to the
options currently in force, and any options preceded by a
@@ -1533,8 +1535,8 @@ The available <em>option</em>s are:</p>
</li>
<li><code>StrictRequire</code>
<p>
- This <em>forces</em> forbidden access when <code>SSLRequireSSL</code> or
- <code>SSLRequire</code> successfully decided that access should be
+ This <em>forces</em> forbidden access when <directive module="mod_ssl">SSLRequireSSL</directive> or
+ <directive module="mod_ssl">SSLRequire</directive> successfully decided that access should be
forbidden. Usually the default is that in the case where a ``<code>Satisfy
any</code>'' directive is used, and other access restrictions are passed,
denial of access due to <code>SSLRequireSSL</code> or
@@ -1687,9 +1689,9 @@ href="#envvars">Environment Variables</a
the <a href="../expr.html#functions">ap_expr documentation</a>.</p>
<p>The <em>expression</em> is parsed into an internal machine
-representation when the configuration is loaded, and then evaluated
-during request processing. In .htaccess context, the <em>expression</em> is
-both parsed and executed each time the .htaccess file is encountered during
+representation when the configuration is loaded, and then evaluated
+during request processing. In .htaccess context, the <em>expression</em> is
+both parsed and executed each time the .htaccess file is encountered during
request processing.</p>
<example><title>Example</title>
@@ -2523,8 +2525,8 @@ Responder), this option should be turned
<directivesynopsis>
<name>SSLOCSPNoverify</name>
<description>skip the OCSP responder certificates verification</description>
-<syntax>SSLOCSPNoverify <em>On/Off</em></syntax>
-<default>SSLOCSPNoverify Off</default>
+<syntax>SSLOCSPNoverify on|off</em></syntax>
+<default>SSLOCSPNoverify off</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
<compatibility>Available in httpd 2.4.26 and later, if using OpenSSL 0.9.7 or later</compatibility>
@@ -2822,7 +2824,7 @@ should be shared between multiple nodes.
it is recommended to <em>not</em> configure a ticket key file, but to
rely on (random) keys generated by mod_ssl at startup, instead.</p>
<p>The ticket key file must contain 48 bytes of random data,
-preferrably created from a high-entropy source. On a Unix-based system,
+preferably created from a high-entropy source. On a Unix-based system,
a ticket key file can be created as follows:</p>
<example>